CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3055 – WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2025-3055
04 Jun 2025 — The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). El complemento WP User Frontend Pro para WordPress es vulnerable a... • https://headwayapp.co/wp-user-frontend-changelog • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3054 – WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-3054
04 Jun 2025 — The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software ... • https://github.com/frogchung/CVE-2025-3054-Exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24649 – WP User Frontend < 3.5.29 - Obscure Registration as Admin
https://notcve.org/view.php?id=CVE-2021-24649
31 Oct 2022 — The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin El complemento de WordPress WP User Frontend anterior a 3.5.29... • https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-9e0b4be132e2 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 47%CPEs: 1EXPL: 5CVE-2021-25076 – WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25076
27 Dec 2021 — The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting El plugin WP User Frontend de WordPress versiones anteriores a 3.5.26, no comprueba ni escapa del parámetro status antes de usarlo en una sentencia SQL en el panel de control de los suscriptores, conllevando a una i... • https://packetstorm.news/files/id/166071 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •